software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider Java Examples

The following examples show how to use software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: S3FileSystem.java    From dremio-oss with Apache License 2.0 6 votes vote down vote up
@VisibleForTesting
protected AwsCredentialsProvider getAsync2Provider(Configuration config) {
  switch(config.get(Constants.AWS_CREDENTIALS_PROVIDER)) {
    case ACCESS_KEY_PROVIDER:
      return StaticCredentialsProvider.create(AwsBasicCredentials.create(
        config.get(Constants.ACCESS_KEY), config.get(Constants.SECRET_KEY)));
    case EC2_METADATA_PROVIDER:
      return InstanceProfileCredentialsProvider.create();
    case NONE_PROVIDER:
      return AnonymousCredentialsProvider.create();
    case ASSUME_ROLE_PROVIDER:
      return new STSCredentialProviderV2(config);
    default:
      throw new IllegalStateException(config.get(Constants.AWS_CREDENTIALS_PROVIDER));
  }
}
 
Example #2
Source File: MirrorImporterConfiguration.java    From hedera-mirror-node with Apache License 2.0 5 votes vote down vote up
private AwsCredentialsProvider awsCredentialsProvider(String accessKey, String secretKey) {
    if (StringUtils.isNotBlank(accessKey) && StringUtils.isNotBlank(secretKey)) {
        log.info("Setting up S3 async client using provided access/secret key");
        return StaticCredentialsProvider.create(AwsBasicCredentials.create(accessKey, secretKey));
    } else {
        log.info("Setting up S3 async client using anonymous credentials");
        return AnonymousCredentialsProvider.create();
    }
}
 
Example #3
Source File: StsWebIdentityCredentialsProviderFactory.java    From aws-sdk-java-v2 with Apache License 2.0 5 votes vote down vote up
private StsWebIdentityCredentialsProvider(WebIdentityTokenCredentialProperties credentialProperties) {
    String roleSessionName = credentialProperties.roleSessionName();
    String sessionName = roleSessionName != null ? roleSessionName : "aws-sdk-java-" + System.currentTimeMillis();

    OrRetryCondition retryCondition = OrRetryCondition.create(new StsRetryCondition(),
                                                              RetryCondition.defaultRetryCondition());

    this.stsClient = StsClient.builder()
                              .applyMutation(this::configureEndpoint)
                              .credentialsProvider(AnonymousCredentialsProvider.create())
                              .overrideConfiguration(o -> o.retryPolicy(r -> r.retryCondition(retryCondition)))
                              .build();

    AssumeRoleWithWebIdentityRequest request = AssumeRoleWithWebIdentityRequest.builder()
                                                                               .roleArn(credentialProperties.roleArn())
                                                                               .roleSessionName(sessionName)
                                                                               .build();

    AssumeRoleWithWebIdentityRequestSupplier supplier =
        new AssumeRoleWithWebIdentityRequestSupplier(request,
                                                     credentialProperties.webIdentityTokenFile());

    this.credentialsProvider =
        StsAssumeRoleWithWebIdentityCredentialsProvider.builder()
                                                       .stsClient(stsClient)
                                                       .refreshRequest(supplier)
                                                       .build();
}
 
Example #4
Source File: EndpointDiscoveryTest.java    From aws-sdk-java-v2 with Apache License 2.0 5 votes vote down vote up
@Test(timeout = 10_000)
public void canBeEnabledViaProfileOnOverrideConfiguration() throws InterruptedException {
    ExecutionInterceptor interceptor = Mockito.spy(AbstractExecutionInterceptor.class);

    String profileFileContent =
        "[default]\n" +
        "aws_endpoint_discovery_enabled = true";

    ProfileFile profileFile = ProfileFile.builder()
                                         .type(ProfileFile.Type.CONFIGURATION)
                                         .content(new StringInputStream(profileFileContent))
                                         .build();

    DynamoDbClient dynamoDb = DynamoDbClient.builder()
                                            .region(Region.US_WEST_2)
                                            .credentialsProvider(AnonymousCredentialsProvider.create())
                                            .overrideConfiguration(c -> c.defaultProfileFile(profileFile)
                                                                         .defaultProfileName("default")
                                                                         .addExecutionInterceptor(interceptor)
                                                                         .retryPolicy(r -> r.numRetries(0)))
                                            .build();

    assertThatThrownBy(dynamoDb::listTables).isInstanceOf(SdkException.class);

    ArgumentCaptor<Context.BeforeTransmission> context;

    do {
        Thread.sleep(1);
        context = ArgumentCaptor.forClass(Context.BeforeTransmission.class);
        Mockito.verify(interceptor, atLeastOnce()).beforeTransmission(context.capture(), any());
    } while (context.getAllValues().size() < 2);

    assertThat(context.getAllValues()
                      .stream()
                      .anyMatch(v -> v.httpRequest()
                                      .firstMatchingHeader("X-Amz-Target")
                                      .map(h -> h.equals("DynamoDB_20120810.DescribeEndpoints"))
                                      .orElse(false)))
        .isTrue();
}
 
Example #5
Source File: InvalidRegionTest.java    From aws-sdk-java-v2 with Apache License 2.0 5 votes vote down vote up
@Test
public void invalidS3ArnRegionAtRequestGivesHelpfulMessage() {
    S3Client client = S3Client.builder()
                              .region(Region.of("us-east-1"))
                              .credentialsProvider(AnonymousCredentialsProvider.create())
                              .serviceConfiguration(c -> c.useArnRegionEnabled(true))
                              .build();

    assertThatThrownBy(() -> client.getObject(r -> r.bucket("arn:aws:s3:US_EAST_1:123456789012:accesspoint/test")
                                                    .key("test")))
        .isInstanceOf(SdkClientException.class)
        .hasMessageContaining("US_EAST_1")
        .hasMessageContaining("region");
}
 
Example #6
Source File: InvalidRegionTest.java    From aws-sdk-java-v2 with Apache License 2.0 5 votes vote down vote up
@Test
public void invalidS3PresignerArnRegionAtRequestGivesHelpfulMessage() {
    S3Presigner presigner = S3Presigner.builder()
                                       .region(Region.of("us-east-1"))
                                       .credentialsProvider(AnonymousCredentialsProvider.create())
                                       .serviceConfiguration(S3Configuration.builder().useArnRegionEnabled(true).build())
                                       .build();

    String arn = "arn:aws:s3:US_EAST_1:123456789012:accesspoint/test";
    assertThatThrownBy(() -> presigner.presignGetObject(r -> r.getObjectRequest(g -> g.bucket(arn).key("test"))
                                                              .signatureDuration(Duration.ofMinutes(15))))
        .isInstanceOf(SdkClientException.class)
        .hasMessageContaining("US_EAST_1")
        .hasMessageContaining("region");
}
 
Example #7
Source File: ProfileUseArnRegionProviderTest.java    From aws-sdk-java-v2 with Apache License 2.0 5 votes vote down vote up
@Test
public void specifiedInOverrideConfig_shouldUse() {
    ExecutionInterceptor interceptor = Mockito.spy(AbstractExecutionInterceptor.class);

    String profileFileContent =
        "[default]\n" +
        "s3_use_arn_region = true\n";

    ProfileFile profileFile = ProfileFile.builder()
                                         .type(ProfileFile.Type.CONFIGURATION)
                                         .content(new StringInputStream(profileFileContent))
                                         .build();

    S3Client s3 = S3Client.builder()
                          .region(Region.US_WEST_2)
                          .credentialsProvider(AnonymousCredentialsProvider.create())
                          .overrideConfiguration(c -> c.defaultProfileFile(profileFile)
                                                       .defaultProfileName("default")
                                                       .addExecutionInterceptor(interceptor)
                                                       .retryPolicy(r -> r.numRetries(0)))
                          .build();

    String arn = "arn:aws:s3:us-banana-46:12345567890:accesspoint:foo";
    assertThatThrownBy(() -> s3.getObject(r -> r.bucket(arn).key("bar"))).isInstanceOf(SdkException.class);

    ArgumentCaptor<Context.BeforeTransmission> context = ArgumentCaptor.forClass(Context.BeforeTransmission.class);
    Mockito.verify(interceptor).beforeTransmission(context.capture(), any());

    String host = context.getValue().httpRequest().host();
    assertThat(host).contains("us-banana-46");
}
 
Example #8
Source File: InvalidRegionTest.java    From aws-sdk-java-v2 with Apache License 2.0 5 votes vote down vote up
@Test
public void invalidClientRegionGivesHelpfulMessage() {
    assertThatThrownBy(() -> ProtocolRestJsonClient.builder()
                                                   .region(Region.of("US_EAST_1"))
                                                   .credentialsProvider(AnonymousCredentialsProvider.create())
                                                   .build())
        .isInstanceOf(SdkClientException.class)
        .hasMessageContaining("US_EAST_1")
        .hasMessageContaining("region");
}
 
Example #9
Source File: Aws4SignerTest.java    From aws-sdk-java-v2 with Apache License 2.0 5 votes vote down vote up
/**
 * Tests that if passed anonymous credentials, signer will not generate a signature.
 */
@Test
public void testAnonymous() throws Exception {
    AwsCredentials credentials = AnonymousCredentialsProvider.create().resolveCredentials();
    SdkHttpFullRequest request = generateBasicRequest().build();

    SignerTestUtils.signRequest(signer, request, credentials, "demo", signingOverrideClock, "us-east-1");

    assertNull(request.headers().get("Authorization"));
}
 
Example #10
Source File: DefaultAwsClientBuilderTest.java    From aws-sdk-java-v2 with Apache License 2.0 5 votes vote down vote up
private AwsClientBuilder<TestClientBuilder, TestClient> testClientBuilder() {
    ClientOverrideConfiguration overrideConfig =
        ClientOverrideConfiguration.builder()
                                   .putAdvancedOption(SIGNER, TEST_SIGNER)
                                   .putAdvancedOption(ENABLE_DEFAULT_REGION_DETECTION, false)
                                   .build();

    return new TestClientBuilder().credentialsProvider(AnonymousCredentialsProvider.create())
                                  .overrideConfiguration(overrideConfig);
}
 
Example #11
Source File: DefaultAwsClientBuilderTest.java    From aws-sdk-java-v2 with Apache License 2.0 5 votes vote down vote up
private AwsClientBuilder<TestAsyncClientBuilder, TestAsyncClient> testAsyncClientBuilder() {
    ClientOverrideConfiguration overrideConfig =
        ClientOverrideConfiguration.builder()
                                   .putAdvancedOption(SIGNER, TEST_SIGNER)
                                   .putAdvancedOption(ENABLE_DEFAULT_REGION_DETECTION, false)
                                   .build();

    return new TestAsyncClientBuilder().credentialsProvider(AnonymousCredentialsProvider.create())
                                       .overrideConfiguration(overrideConfig);
}
 
Example #12
Source File: S3RandomAccessFile.java    From netcdf-java with BSD 3-Clause "New" or "Revised" License 4 votes vote down vote up
private S3RandomAccessFile(String url) throws IOException {
  super(url, s3BufferSize, s3MaxReadCacheSize);

  // Region is tricky. Since we are using AWS SDK to manage connections to all object stores, we might have users
  // who use netCDF-Java and never touch AWS. If that's they case, they likely have not setup a basic credentials or
  // configuration file, and thus lack a default region. What we will do here is check to see if there is one set.
  // If, by the time we make the client, profileRegion isn't set, we will default to the AWS_GLOBAL region, which is
  // like a no-op region when it comes to S3. This will allow requests to non-AWS-S3 object stores to work, because
  // a region must be set, even if it's useless.
  Optional<Region> profileRegion = ProfileFile.defaultProfileFile().profile("default")
      .map(p -> p.properties().get(ProfileProperty.REGION)).map(Region::of);

  try {
    uri = new CdmS3Uri(url);
  } catch (URISyntaxException urie) {
    // If we are given a string that is not a valid CdmS3Uri
    // throw an IOException
    throw new IOException(urie.getCause());
  }

  Builder httpConfig = ApacheHttpClient.builder().maxConnections(maxConnections)
      .connectionTimeout(Duration.ofMillis(connectionTimeout)).socketTimeout(Duration.ofMillis(socketTimeout));

  S3ClientBuilder s3ClientBuilder = S3Client.builder().httpClientBuilder(httpConfig);

  // if we are accessing an S3 compatible service, we need to override the server endpoint
  uri.getEndpoint().ifPresent(s3ClientBuilder::endpointOverride);

  // build up a chain of credentials providers
  AwsCredentialsProviderChain.Builder cdmCredentialsProviderChainBuilder = AwsCredentialsProviderChain.builder();

  // if uri has a profile name, we need setup a credentials provider to look for potential credentials, and see if a
  // region has been set
  if (uri.getProfile().isPresent()) {
    // get the profile name
    String profileName = uri.getProfile().get();

    ProfileCredentialsProvider namedProfileCredentials =
        ProfileCredentialsProvider.builder().profileName(profileName).build();

    // add it to the chain that it is the first thing checked for credentials
    cdmCredentialsProviderChainBuilder.addCredentialsProvider(namedProfileCredentials);

    // Read the region associated with the profile, if set
    // Note: the java sdk does not do this by default
    Optional<Region> namedProfileRegion = ProfileFile.defaultProfileFile().profile(profileName)
        .map(p -> p.properties().get(ProfileProperty.REGION)).map(Region::of);
    // if the named profile has a region, update profileRegion to use it.
    if (namedProfileRegion.isPresent()) {
      profileRegion = namedProfileRegion;
    }
  }

  // Add the Default Credentials Provider Chain:
  // https://docs.aws.amazon.com/sdk-for-java/v2/developer-guide/credentials.html
  cdmCredentialsProviderChainBuilder.addCredentialsProvider(DefaultCredentialsProvider.create());

  // Add the AnonymousCredentialsProvider last
  cdmCredentialsProviderChainBuilder.addCredentialsProvider(AnonymousCredentialsProvider.create());

  // build the credentials provider that we'll use
  AwsCredentialsProviderChain cdmCredentialsProviderChain = cdmCredentialsProviderChainBuilder.build();

  // Add the credentials provider to the client builder
  s3ClientBuilder.credentialsProvider(cdmCredentialsProviderChain);

  // Set the region for the client builder (default to AWS_GLOBAL)
  s3ClientBuilder.region(profileRegion.orElse(Region.AWS_GLOBAL));

  // Build the client
  client = s3ClientBuilder.build();

  // request HEAD for the object
  HeadObjectRequest headdObjectRequest =
      HeadObjectRequest.builder().bucket(uri.getBucket()).key(uri.getKey()).build();

  objectHeadResponse = client.headObject(headdObjectRequest);
}
 
Example #13
Source File: ResourceManagementTest.java    From aws-sdk-java-v2 with Apache License 2.0 4 votes vote down vote up
public ProtocolRestJsonClientBuilder syncClientBuilder() {
    return ProtocolRestJsonClient.builder()
                                 .region(Region.US_EAST_1)
                                 .credentialsProvider(AnonymousCredentialsProvider.create());
}
 
Example #14
Source File: ResourceManagementTest.java    From aws-sdk-java-v2 with Apache License 2.0 4 votes vote down vote up
public ProtocolRestJsonAsyncClientBuilder asyncClientBuilder() {
    return ProtocolRestJsonAsyncClient.builder()
                                      .region(Region.US_EAST_1)
                                      .credentialsProvider(AnonymousCredentialsProvider.create());
}